“Monitoring Daily Life with a Webcam?” ... North Korean Hacking Group Dominates Smartphones

Hwang Sujin Reporter

hwang075609@gmail.com | 2025-11-10 08:19:08

Smartphones and PCs remotely controlled to wipe all data
Long-term dormancy to steal accounts
Evidence of monitoring using PC webcams

A North Korean state-backed hacking organization has been found to be carrying out a cyber attack that remotely controls Android smartphones and PCs to completely delete major data such as photos, documents, and contacts.

According to a threat analysis report by the Genian Security Center on the 10th, this is the first time a likely North Korean state-backed cyber attacker has caused direct, real-world damage (to smartphones, tablets, and PCs), moving beyond mere personal information theft.

The report details that on September 5, a domestic psychological counselor's smartphone was wiped, and their hijacked KakaoTalk account was used to send a malicious file disguised as a ‘stress relief program’ to acquaintances. On September 15, an Android smartphone belonging to a North Korean human rights activist was also wiped, with the malicious file simultaneously distributed to 36 acquaintances via their stolen KakaoTalk account. This method, leveraging trusted acquaintances, is analyzed as a typical social engineering tactic from North Korea.

Notably, an unprecedented attack method was discovered. The hackers infiltrated devices, lay dormant for a long time, and stole Google and major domestic IT service account information. They used Google's location-based service ('Find My Device Hub') to confirm the victim was away. Once the victim was outside, they remotely wiped the smartphone using the 'Find Hub' function and, simultaneously, distributed the malware through an already infected PC or tablet at the victim's location.

Furthermore, the report cites evidence suggesting that the hackers may have used webcams installed on the infected PCs to monitor the victim's every move and confirm their absence. The malware included webcam and microphone control features, indicating the possibility of constant surveillance.

The report warned, "The strategy combining Android data deletion and account-based attack propagation is unprecedented," signaling that North Korea's cyber attack tactics are escalating to a "practical destruction phase that penetrates people's daily lives." To minimize damage, Genians advised implementing two-step verification, avoiding automatic password saving in browsers, and turning off PCs when not in use.
